<?php

if(!defined('IN_AACMS') || !defined('IN_ADMINCP')) {
	exit('Access Denied');
}

require_once libfile('class/upload');
$upload = new upload();

if($operation == 'editor_imageupload') {
	
	$state = "SUCCESS";
	$title = htmlspecialchars($_POST['pictitle'], ENT_QUOTES);
	
	$upload->init($_FILES['picdata'], 'editor');
	$attach = $upload->attach;
	
	if(!allow_extend($attach['ext'])) {
		$state = lang('error', 'file_upload_error_-105');
		exit("{'url':'','title':'','state':'".$state."'}");
	}
	
	if(!$upload->error()) {
		$upload->save();
	} else {
		$state = lang('error', 'file_upload_error_'.$upload->error());
	}

	if($_G['setting']['ftp']['on'] && ((!$_G['setting']['ftp']['allowedexts'] && !$_G['setting']['ftp']['disallowedexts']) || ($_G['setting']['ftp']['allowedexts'] && in_array($attach['ext'], $_G['setting']['ftp']['allowedexts'])) || ($_G['setting']['ftp']['disallowedexts'] && !in_array($attach['ext'], $_G['setting']['ftp']['disallowedexts']))) && (!$_G['setting']['ftp']['minsize'] || $attach['size'] >= $_G['setting']['ftp']['minsize'] * 1024)) {		
		if(ftpcmd('upload', 'editor/'.$attach['attachment'])) {
			@unlink($_G['setting']['attachdir'].'/editor/'.$attach['attachment']);
			$attach['remote'] = 1;
		}
	}
	
	$image = attachurl($attach['attachment'], 'editor', 0, $attach['remote']);
	
	echo "{'url':'".$image."','title':'".$title."','state':'".$state."'}";

} elseif($operation == 'article_upload' || $operation == 'sgpage_upload') {
		
	if($operation == 'article_upload') {
		
		$setarr['aid'] = $_GET['aid'] ? intval($_GET['aid']) : 0;
		$type = 'article';
		$attachtable = 'article_attachment';
		
		
	} elseif($operation == 'sgpage_upload') {
		
		$setarr['pid'] = $_GET['pid'] ? intval($_GET['pid']) : 0;
		$type = 'sgpage';
		$attachtable = 'sgpage_attachment';
		
	}
	
	$upload->init($_FILES['attach'], $type);
	$attach = $upload->attach;
	
	if(!allow_extend($attach['ext'])) {
		upload_error(lang('error', 'file_upload_error_-105'));
	}
	
	if(!$upload->error()) {
		$upload->save();
	} else {
		upload_error(lang('error', 'file_upload_error_'.$upload->error()));
	}

	if($attach['isimage']) {
		require_once libfile('class/image');
		$image = new image();
		
		
		$thumbimgwidth = $_G['setting']['thumbwidth'] ? $_G['setting']['thumbwidth'] : 300;
		$thumbimgheight = $_G['setting']['thumbheight'] ? $_G['setting']['thumbheight'] : 300;
		$attach['thumb'] = $image->thumb($attach['target'], '', $thumbimgwidth, $thumbimgheight, 2);
		
		if($_G['setting']['watermarkstatus']) {
			$image->watermark($attach['target']);
		}
		
	}
	
	if($_G['setting']['ftp']['on'] && ((!$_G['setting']['ftp']['allowedexts'] && !$_G['setting']['ftp']['disallowedexts']) || ($_G['setting']['ftp']['allowedexts'] && in_array($attach['ext'], $_G['setting']['ftp']['allowedexts'])) || ($_G['setting']['ftp']['disallowedexts'] && !in_array($attach['ext'], $_G['setting']['ftp']['disallowedexts']))) && (!$_G['setting']['ftp']['minsize'] || $attach['size'] >= $_G['setting']['ftp']['minsize'] * 1024)) {		
		if(ftpcmd('upload', $type.'/'.$attach['attachment']) && (!$attach['thumb'] || ftpcmd('upload', $type.'/'.getimgthumbname($attach['attachment'])))) {
			@unlink($_G['setting']['attachdir'].'/'.$type.'/'.$attach['attachment']);
			@unlink($_G['setting']['attachdir'].'/'.$type.'/'.getimgthumbname($attach['attachment']));
			$attach['remote'] = 1;
		}
	}
	
	$setarr['uid'] 		= $_SESSION['uid'];
	$setarr['filename'] 	= $attach['name'];
	$setarr['attachment'] 	= $attach['attachment'];
	$setarr['filesize']		= $attach['size'];
	$setarr['isimage'] 	= $attach['isimage'];
	$setarr['thumb'] 		= $attach['thumb'];
	$setarr['remote'] 		= $attach['remote'];
	$setarr['filetype'] 		= $attach['ext'];
	$setarr['dateline'] 	= $_G['timestamp'];

	$setarr['attachid'] = DB::insert($attachtable, $setarr);
	upload_show($setarr, $type);

} elseif($operation == 'model_upload') {

	$mid = intval($_GET['mid']);
	$id = intval($_GET['id']);
	$type = 'model';
	
	$model = DB::getRow("SELECT mname, mtable, mdata FROM ".DB::table('model')." WHERE mid='$mid'");
	if(!$model['mname'] || !$model['mtable']) {
		upload_error(lang('error', 'model_not_found'));
	}
	
	$attachtable = $model['mtable'].'attach';
	$upload->init($_FILES['attach'], $type);
	$attach = $upload->attach;
	
	if(!allow_extend($attach['ext'])) {
		upload_error(lang('error', 'file_upload_error_-105'));
	}
	
	if(!$upload->error()) {
		$upload->save();
	} else {
		upload_error(lang('error', 'file_upload_error_'.$upload->error()));
	}

	if($attach['isimage']) {
		require_once libfile('class/image');
		$image = new image();
		
		
		$thumbimgwidth = $_G['setting']['thumbwidth'] ? $_G['setting']['thumbwidth'] : 300;
		$thumbimgheight = $_G['setting']['thumbheight'] ? $_G['setting']['thumbheight'] : 300;
		$attach['thumb'] = $image->thumb($attach['target'], '', $thumbimgwidth, $thumbimgheight, 2);
		
		if($_G['setting']['watermarkstatus']) {
			$image->watermark($attach['target']);
		}
		
	}
	
	if($_G['setting']['ftp']['on'] && ((!$_G['setting']['ftp']['allowedexts'] && !$_G['setting']['ftp']['disallowedexts']) || ($_G['setting']['ftp']['allowedexts'] && in_array($attach['ext'], $_G['setting']['ftp']['allowedexts'])) || ($_G['setting']['ftp']['disallowedexts'] && !in_array($attach['ext'], $_G['setting']['ftp']['disallowedexts']))) && (!$_G['setting']['ftp']['minsize'] || $attach['size'] >= $_G['setting']['ftp']['minsize'] * 1024)) {		
		if(ftpcmd('upload', $type.'/'.$attach['attachment']) && (!$attach['thumb'] || ftpcmd('upload', $type.'/'.getimgthumbname($attach['attachment'])))) {
			@unlink($_G['setting']['attachdir'].'/'.$type.'/'.$attach['attachment']);
			@unlink($_G['setting']['attachdir'].'/'.$type.'/'.getimgthumbname($attach['attachment']));
			$attach['remote'] = 1;
		}
	}
	
	$setarr['dataid'] 		= $id;
	$setarr['uid'] 		= $_SESSION['uid'];
	$setarr['filename'] 	= $attach['name'];
	$setarr['attachment'] 	= $attach['attachment'];
	$setarr['filesize']		= $attach['size'];
	$setarr['isimage'] 	= $attach['isimage'];
	$setarr['thumb'] 		= $attach['thumb'];
	$setarr['remote'] 		= $attach['remote'];
	$setarr['filetype'] 		= $attach['ext'];
	$setarr['dateline'] 	= $_G['timestamp'];

	$setarr['attachid'] = DB::insert($attachtable, $setarr);
	
	include libfile('function/modelcp');
	model_upload_show($setarr, $type, $mid);
	

} elseif($operation == 'article_attach_delete') {
	$id = intval($_GET['id']);
	DB::delete('article_attachment', "uid='{$_SESSION['uid']}' AND attachid='$id'");
	
} elseif($operation == 'sgpage_attach_delete') {
	$id = intval($_GET['id']);
	DB::delete('sgpage_attachment', "uid='{$_SESSION['uid']}' AND attachid='$id'");
	
} elseif($operation == 'model_attach_delete') {
	
	$mid = intval($_GET['mid']);
	$id = intval($_GET['id']);
	
	$mtable = DB::getOne("SELECT  mtable, mdata FROM ".DB::table('model')." WHERE mid='$mid'");
	if(!mtable) {
		return;
	}
	
	DB::delete($mtable.'attach', "uid='{$_SESSION['uid']}' AND attachid='$id'");
}


function upload_error($msg) {
	echo '<script>';
	echo 'if(parent.$(\'localfile_'.$_GET['attach_target_id'].'\') != null)parent.$(\'localfile_'.$_GET['attach_target_id'].'\').innerHTML = \''.$msg.'\';else alert(\''.$msg.'\')';
	echo '</script>';
	exit();
}

function upload_show($attach, $type='article') {

	$imagehtml = $filehtml = $coverstr ='';

	if($attach['isimage']) {
		$imagehtml = get_uploadcontent($attach, $type);
		$coverstr = addslashes(serialize(array('pic'=>$type.'/'.$attach['attachment'], 'thumb'=>$attach['thumb'], 'remote'=>$attach['remote'])));
	} else {
		$filehtml = get_uploadcontent($attach, $type);
	}

	echo '<script>';
	if($imagehtml) echo 'parent.$(\'attach_image_body\').innerHTML = \''.addslashes($imagehtml).'\'+parent.$(\'attach_image_body\').innerHTML;';
	if($filehtml) echo 'parent.$(\'attach_file_body\').innerHTML = \''.addslashes($filehtml).'\'+parent.$(\'attach_file_body\').innerHTML;';
	echo 'if(parent.$(\'localfile_'.$_GET['attach_target_id'].'\') != null)parent.$(\'localfile_'.$_GET['attach_target_id'].'\').style.display = \'none\';';
	echo 'parent.$(\'attach_ids\').value += \','.$attach['attachid'].'\';';
	if($coverstr) echo 'if(parent.$(\'conver\').value == \'\')parent.$(\'conver\').value = \''.$coverstr.'\';';
	echo '</script>';

}


?>